You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Sourabh Sarvotham Parkala (Jira)" <ji...@apache.org> on 2022/08/12 08:26:00 UTC

[jira] [Commented] (SOLR-16141) Update Apache poi to the version 5.2.1

    [ https://issues.apache.org/jira/browse/SOLR-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578860#comment-17578860 ] 

Sourabh Sarvotham Parkala commented on SOLR-16141:
--------------------------------------------------

[~krisden] The reason my colleague asked about this is to still provide a fix for BDSA-2022-0608 (CVE-2022-26336).

The affected library is just org.apache.poi:poi-scratchpad:jar:4.1.2

Hence, please let us know if we can just update the org.apache.poi:poi-scratchpad to 5.2.1? Would this cause regression in solr-cell 8.11.1? Let us know if it is ok to just update poi-scratchpad to 5.2.1.

Thanks
Sourabh

> Update Apache poi to the version 5.2.1
> --------------------------------------
>
>                 Key: SOLR-16141
>                 URL: https://issues.apache.org/jira/browse/SOLR-16141
>             Project: Solr
>          Issue Type: Wish
>            Reporter: Ivan Viaznikov
>            Priority: Major
>
> org.apache.solr:solr-cell module uses Apache POI. Apache POI version 5.2.1 includes several bug fixes, including a resolution for CVE-2022-26336, which impacts poi-scratchpad.
> Therefore requesting you to update the version of Apache POI to 5.2.1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org